= opsi (open pc server integration) = [[PageOutline]] [[http://www.opsi.org |opsi]] is a Windows system management tool, supporting everthing up to Windows XP, Windows Vista and Windows 7. It handles the initial Windows installation and the installation of additional software products. opsi is mainly developed by [http://www.uib.de uib]. == additional OPSI ressources == [[TitleIndex(opsi/)]] == General remarks about Windows silient/unattended configuration == /!\ more or less just some notes I've collected during work. [[TitleIndex(windows/)]] = OPSI Products = These are the packages, that can be installed by OPSI. Standard packages can be found at: * http://download.uib.de/opsi4.0/products/netboot/ * http://download.uib.de/opsi4.0/products/localboot/ * http://download.uib.de/opsi4.0/products/contribute/ * https://forum.opsi.org/wiki/userspace:script_templates How to handle additional packages from http://www.dass-it.de: * copy the sources to your OPSI workbench * if required, add the missing components * create an OPSI package by * {{{opsi-makeproductfile PACKAGENAME}}} * install package by * {{{opsi-package-manager --install --properties ask PACKAGE.opsi}}} == bitlocker == source:: source:opsi/products/bitlocker package:: source:opsi/products/ Windows 7 includes the bitlocker tool for harddisk encryption. With this opsi package bitlocker can be centrally configured. For more information, see wiki:windows/windows7#Bitlocker Bitlocker requires TPM activated in the BIOS. If TPM isn't available or disabled, the bitlocker OPSI package will fail. If TPM is activated, the bitlocker packages requires 2 reboots. The recovery password must be 8 blocks of 6 digits (as in the provided as example) and each block must be devidable by 11. Example: {{{ 000011-000022-000033-000044-000055-000066-000077-000088 }}} == wsusoffline == source:opsi/products/wsusoffline Using "WSUS Offline Update", you can update any computer running Microsoft Windows and Office safely, quickly and without an Internet connection, see http://www.wsusoffline.net/ This tools will download all (most) available * Microsoft Windows Updates * Microsoft Office Updates and additional Microsoft components like * .Net Framework * Powershell * MS Defender All these components are stored in the {{{client/}}} subdirectory. This directory can be distributed to other client systems. On these systems it can be installed by a wsusoffline script without further user interaction. To distribute and install these components, it can be packed into a OPSI package. === create a wsusoffline OPSI package === ==== using the wsusoffline RPM ==== * install the wsusoffline from http://software.opensuse.org/download/package?project=home:dassit:opsi:opsi4&package=wsusoffline * make sure, that the download user is member of the group {{{wsusoffline}}}, e.g. * {{{sudo /usr/sbin/groupmod wsusoffline -A $USER}}} * execute * {{{wsus-download-updates.sh}}} * select required products and start the download * the updates will be stored in the directory: {{{/var/lib/wsusoffline/client/}}} * copy the wsusoffline client directory into the OPSI package at {{{opsi_workbench/wsusoffline/CLIENT_DATA/client/}}} * {{{rsync -av --progress /var/lib/wsusoffline/client/. $YOUR_OPSI_PATH/opsi_workbench/wsusoffline/CLIENT_DATA/client/.}}} ==== using the wsusoffline ZIP-archive ==== * download and install wsusoffline from the ZIP archive at http://www.wsusoffline.net/ * start {{{wsusoffline/sh/DownloadUpdates.sh}}} * select required products and start the download * the updates will be stored in the subdirectory: {{{client/}}} * copy the wsusoffline subdirectory {{{client/}}} into the OPSI package at {{{opsi_workbench/wsusoffline/CLIENT_DATA/client/}}} === Known limitations === * wsusoffline 7.3.2 * bug in the Linux download code (dos2unix). Not all products are properly selected/deselected * wsusoffline 7.3 * winxp, dotnet-Framework 3.5 Language Pack is known not to work. I suggest installating dotnet-Framework 3.5 as a separate package * Why isn't the full wsusoffline application directly included in the OPSI package? Wouldn't it be easier to start the download directly in the OPSI directory instead of copying the client-directory to OPSI afterwards? * For the first run, this would be indeed easier. However, if you update the OPSI wsusoffline package to a newer version, all files already downloaded will be deleted (by opsi-package-manager), because they are not included in the package. Of course, you can backup them before, and apply them again after the update. However, then this approach would not be easier anymore. So in my opinion, it is cleaner, to handle the download indepent from the install part, and copy the full client-directory to OPSI after downloading the files. == xenserver-tools == Windows tools when running on a Citrix XenServer: source:opsi/products/xenserver-tools